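def gen_self_signed_certificate(
    *, key_size: int = 2048, valid_days: int = 365 * 5
) -> tuple[bytes, bytes]:
    """
    Provides a self-signed X.509 certificate and its private key (both in PEM
    format), suitable for local TLS testing.

    The certificate names the local hostname (and ``*.<hostname>``),
    ``localhost``/``*.localhost`` and the loopback address 127.0.0.1 as
    subject alternative names, and carries a critical
    ``BasicConstraints(ca=False)`` so it cannot be used to issue further
    certificates.

    Args:
        key_size: RSA modulus size in bits (default 2048).
        valid_days: validity period in days, counted from now (default five
            years; the certificate is additionally back-dated by one day to
            tolerate clock skew between machines).
    Returns:
        A tuple ``(certificate_pem, private_key_pem)``. The private key is
        serialized as unencrypted PKCS#8, so the caller decides how it is
        stored and protected.
    """
    import datetime
    import ipaddress
    import socket

    from cryptography import x509
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.x509.oid import NameOID

    hostname = socket.gethostname()
    # X.509 validity times are UTC, and cryptography treats a naive datetime
    # as UTC. A local-time `today()` would therefore shift the validity window
    # by the machine's timezone offset; use an aware UTC timestamp instead.
    now = datetime.datetime.now(datetime.timezone.utc)
    one_day = datetime.timedelta(days=1)

    private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    # Self-signed: the same name is used as subject and issuer.
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])

    san = x509.SubjectAlternativeName(
        [
            x509.DNSName(hostname),
            x509.DNSName(f"*.{hostname}"),
            x509.DNSName("localhost"),
            x509.DNSName("*.localhost"),
            # An IP literal belongs in an IPAddress entry: TLS clients such as
            # OpenSSL match an IP peer against IPAddress SANs, not DNSName, and
            # a wildcard on an IP address ("*.127.0.0.1") has no meaning.
            x509.IPAddress(ipaddress.ip_address("127.0.0.1")),
        ]
    )

    certificate = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .not_valid_before(now - one_day)
        .not_valid_after(now + one_day * valid_days)
        .serial_number(x509.random_serial_number())
        .public_key(private_key.public_key())
        .add_extension(san, critical=False)
        # End-entity certificate: marked critical so relying parties must
        # honour that it cannot act as a CA.
        .add_extension(
            x509.BasicConstraints(ca=False, path_length=None), critical=True
        )
        .sign(private_key=private_key, algorithm=hashes.SHA256())
    )

    return (
        certificate.public_bytes(serialization.Encoding.PEM),
        private_key.private_bytes(
            serialization.Encoding.PEM,
            serialization.PrivateFormat.PKCS8,
            serialization.NoEncryption(),
        ),
    )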
if __name__ == "__main__":
    # Emit the certificate first, then the private key, one PEM blob per line.
    cert_pem, key_pem = gen_self_signed_certificate()
    print(cert_pem.decode("utf-8"), key_pem.decode("utf-8"), sep="\n")